From the course: Android App Security: A Structured Approach to Pen Testing
Content provider testing: SQL injection - Android Tutorial
Content provider testing: SQL injection
- [Instructor] Another common test for Android applications is local SQL injection. As you know, in the case of web applications, you'll find SQL injection is a server-side vulnerability, but in the case of Android applications, depending on the application functionality, you can also have a local database, which is the SQLite database. This database typically sits on your Android device. Now, if your application is complex enough, you can have two database instances: one, the SQLite database, which sits on your device; another could be any other version of SQL, or NoSQL database, which sits at the server end. Here, we are going to talk about the local SQL injection, which happens on the SQLite database. To test for SQL injections in the content provider, Drozer has a module, which is scanner.provider.injection. Let's just go ahead and run that. Run scanner.provider.injection followed by the package name, which is…
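An added example, not part of the course transcript or its exercise files: a Python `sqlite3` model of a content provider's query path, showing why caller-supplied projection and selection strings reach the SQLite parser when concatenated, next to a hardened form that uses a column allow-list and bound arguments. The table, columns and function names are hypothetical, and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical schema; columns a caller is allowed to name.
ALLOWED_COLUMNS = {"_id", "service", "username"}

def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passwords (_id INTEGER PRIMARY KEY, "
               "service TEXT, username TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO passwords (service, username, owner) VALUES (?, ?, ?)",
        [("mail", "alice", "app"), ("bank", "alice", "app")])
    return db

def query_vulnerable(db, projection, selection):
    """Weak form: caller strings are concatenated into the statement."""
    sql = ("SELECT " + ", ".join(projection) +
           " FROM passwords WHERE owner = 'app' AND (" + selection + ")")
    return db.execute(sql).fetchall()

def query_hardened(db, projection, selection_column, selection_arg):
    """Hardened form: identifiers come from an allow-list, values are bound."""
    cols = list(projection)
    if not cols or any(c not in ALLOWED_COLUMNS for c in cols):
        raise ValueError("projection column not allowed")
    if selection_column not in ALLOWED_COLUMNS:
        raise ValueError("selection column not allowed")
    sql = ("SELECT " + ", ".join(cols) +
           " FROM passwords WHERE owner = 'app' AND " + selection_column + " = ?")
    return db.execute(sql, (selection_arg,)).fetchall()

def probe(query, *args):
    """Send a query and classify how the provider model reacted."""
    try:
        query(*args)
        return "handled"        # input was treated as data
    except sqlite3.OperationalError:
        return "sql-error"      # input reached the SQL parser
    except ValueError:
        return "rejected"       # input was refused before any SQL ran

if __name__ == "__main__":
    db = make_db()
    print(probe(query_vulnerable, db, ["service"], "service = '"))
    print(probe(query_vulnerable, db, ["'"], "1=1"))
    print(probe(query_hardened, db, ["service"], "service", "'"))
    print(probe(query_hardened, db, ["'"], "service", "x"))
```

A stray single quote producing a SQLite parse error is the signal that input is being interpreted as SQL; in the hardened form the same quote is either bound as a value or refused as an unknown column.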